Sunday, August 24, 2014

will scan your device to determine:
- If your system is vulnerable to, or patched against, any of the "Fake ID" or "Master Key" security flaws affecting most Android devices
- If your system settings allow 'Untrusted Sources' application installs
- If any installed application on your device is trying to maliciously take advantage of any of the 'Master Key' security flaws

Further details of the Android "Fake ID" and "Master Key" security flaws are available

eEye Android Scanner:
eEye Digital Security, the security industry's most trusted name in
vulnerability assessment, has brought their expertise to your Android
phone.
Did you know that more than 80% of employees now use personal
smartphones for work-related purposes? Every day these devices access
email, games, and work-related material, and are unchecked by your business's standard vulnerability management processes.
Until now, one of the biggest challenges for consumers and information
technology security teams was their inability to determine potential
vulnerabilities on their mobile assets as they do on their servers and
desktops. Watch the video below to see how Retina CS is solving that
problem and how users can download the tool for free to check their own
devices.
Benefits of Mobile Security in Retina CS to extend the benefits of this free agent:
Retina CS is the first and only product to integrate mobile device
assessment and vulnerability management for complete visibility and
context on all vulnerabilities, so that your team can discover,
prioritize, and fix weaknesses quickly.

does this by automatically checking your Android tablet or phone for over
400 security vulnerabilities in both the operating system and installed
apps, and gives you the result in seconds as to which ones are
vulnerable and need to be updated. The Security Advisor also works with
all other security apps such as anti-virus and anti-malware apps.

helps to provide confidence that Android apps and devices
being developed by, or deployed across, your organisation do not pose an
unacceptable level of risk, by allowing you to interact with the Dalvik
VM, other apps' IPC endpoints and the underlying OS.

Drozer provides tools to help you use and share public exploits for
Android. For remote exploits, it can generate shellcode to help you to
deploy the drozer Agent as a remote administrator tool, with maximum
leverage on the device.

Faster Android Security Assessments

drozer helps to reduce the time taken for Android security assessments by automating the tedious and time-consuming.

Discover and interact with the attack surface exposed by Android apps.

Execute dynamic Java-code on a device, to avoid the need to compile and install small test scripts.

is a list of Android apps for penetration testing. IT IS JUST A LIST,
DON'T EXPECT ANYTHING MORE THAN THAT (sorry for all caps, but some
people expect matrix meets mission impossible... and give a bad rating
when their expectations are not met :) )
Please read the description...
Penetration test is used to test security of something. (If that something passes
penetration test, there is a higher chance that a hacker can't hack into
it.)

Apps are sorted with Tags.
Features:
- Links to Apps on the Play Store.
- Links to Apps that are NOT on the Play Store.
- Links to Source Code of Open Source Apps.
- Links to App websites.
- Links to Google the name of the App or App Package.

Saturday, August 23, 2014

A little tool for local and remote file inclusion auditing and exploitation.

Fimap is a little Python tool which can find, prepare, audit, exploit
and even google automatically for local and remote file inclusion bugs in
webapps. fimap should be something like sqlmap, just for LFI/RFI bugs instead of SQL injection. It's currently under heavy development but it's usable.

The goal of fimap is to improve the quality and security of your website.

What works currently?

Check a Single URL, List of URLs, or Google results fully automatically.

Can identify and exploit file inclusion bugs.

Relative\Absolute Path Handling.

Tries automatically to eliminate suffixes with Nullbyte and other methods like Dot-Truncation.

Uniscan:
is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner.

Uniscan is a Remote File Include and Local File Include and Remote Command Execution vulnerability scanner.

This tool identifies six vulnerabilities:

* Blind SQL-Injection

* Remote File Include (RFI)

* Local File Include (LFI)

* Remote Command Execution (RCE)

* Cross-Site Scripting (XSS)

* SQL-Injection (SQL-i)

Download Link : http://sourceforge.net/projects/uniscan/

Darkjumper.py:
This tool will try to find every website that is hosted on the same server as your target,
then check for every vulnerability of each website hosted on that server.

Features

scan sql injection, rfi, lfi, blind sql, rce injection

autosql injector

proxy support

verbosity added

autoftp bruteforcer

IP or Proxy checker and GeoIP

Download Link : http://sourceforge.net/projects/darkjumper/

Simple Local File Inclusion:

Description
The Simple Local File Inclusion Exploiter helps you to exploit LFI
vulnerabilities. After you have found one, simply pass the URL of the
affected website and the vulnerable parameter to this tool. You can also
use this tool to scan a parameter of a URL for an LFI vulnerability.

Usage notes
- Always use http://….
- When you pass a vulnerable parameter, this tool assumes that it is really vulnerable.
- If you do not know if a parameter is vulnerable, simply pass it to this script and let the scanner have a look.
- Only use one vulnerable parameter at once.
- This tool does not work with SEO URLs, such as http://www.example.com/news-about-the-internet/.
- If you only have a SEO URL, try to find out the real URL which contains parameters.

Feature list
- Provides a random user agent for the connection.
- Checks if a connection to the target can be established.
- Tries to catch most errors with error handling.
- Contains an LFI scanner (only scans one parameter at once).
- Finds out how an LFI vulnerability can be exploited (e.g. directory depth).
- Supports nullbytes!
- Exploit features: Dumps a list of interesting files to your hard disk.
- Supports common *nix targets, but no Windows systems.

Thursday, August 7, 2014

Wireshark:
is a network packet analyzer. A network packet analyzer will try to
capture network packets and display that packet data in as much detail as
possible. Wireshark can capture traffic from many different network media types,
including, despite its name, wireless LAN as well. Which media types are
supported depends on many things, like the operating system you are using.

Download Link : https://www.wireshark.org/download.html

Capsa:
is the name for a family of packet analyzers developed by Colasoft for network administrators to monitor, troubleshoot and analyze wired & wireless networks. Currently, there are three editions available: Capsa Enterprise Edition, Capsa Professional Edition, and Capsa Free.

NetworkMiner:
is a Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS X / FreeBSD).
NetworkMiner can be used as a passive network sniffer/packet
capturing tool in order to detect operating systems, sessions,
hostnames, open ports etc. without putting any traffic on the network.
NetworkMiner can also parse PCAP files for off-line analysis and to
regenerate/reassemble transmitted files and certificates from PCAP
files.

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows that
can detect the OS, hostname and open ports of network hosts through
packet sniffing or by parsing a PCAP file. NetworkMiner can also extract
transmitted files from network traffic.

SharpPcap:
is a cross-platform packet capture framework for the .NET
environment, based on the famous pcap / WinPcap libraries. It provides
an API for capturing, injecting, analyzing and building packets using
any .NET language such as C# and VB.NET.

Wednesday, April 23, 2014

Mobile device forensics :
is directly connected to digital forensics and
can be defined as being the recovery of digital information or data
which is often used for criminal evidence. Mobile Device Forensics by
definition applies only to mobile devices, e.g. tablets, cell phones
etc., but the term also includes any portable digital device that has
both internal memory and communication abilities such as PDA devices and
also GPS devices.

iPhone Analyzer:

allows you to forensically examine or recover data from
an iOS device. It principally works by importing backups produced by
iTunes or third party software, and providing you with a rich interface
to explore, analyse and recover data in human readable formats. Because
it works from the backup files everything is forensically safe, and no
changes are made to the original data.

BitPim:
is a program that allows you to view and manipulate
data on many CDMA phones from LG, Samsung, Sanyo and other
manufacturers. This includes the PhoneBook, Calendar,
WallPapers, RingTones (functionality varies by phone) and the
Filesystem for most Qualcomm CDMA chipset based phones.

this tool which discusses a crucial aspect of Mobile Device Forensics,
i.e. the recovery of deleted SMS Text Messages. We are not 100% sure if
this tool is publicly available and if anyone reading this can help us
locate where to find it we'd be very grateful!

In examining the MIAT dump of the phone's
filesystem, I found the following interesting items of evidence (note
that these are not intended to be comprehensive):

\Windows\Profiles\guest\ - Contained the Pocket IE
cache, including Cookies, index.dat (which was not extracted due to the
previously specified issue), and Temporary Internet Files

\Windows\Messaging - Contained various .mbp files which proved to hold the text of
downloaded email messages. There is also an Attachments folder under
this path that may hold downloaded attachments.

\Windows\ActiveSync - Contained various configuration and log files from Activesync

\Windows\Favorites - Contained Favorite links used by Pocket IE

\Application Data\GoogleMaps - Contained configuration and cache files used by the
installed Google Maps application. These files are all binary, but one
of them, prefsext.dat, contains a variety of strings which match
searches that have been performed and results (street addresses) which
have been returned. Somebody could probably reverse engineer the format
and write a parser for this that would be really useful.

\*.vol - These files contain Embedded databases, which include all of the
phone-related information such as call logs, phone book, appointment
list, etc. I haven't yet found a free application to parse them, but
there's got to be something out there.

I also found a number of other empty Attachments folders, as well as additional empty Profiles
and Temporary Internet Folders folders. This probably means that these
various locations are implementation dependent.

Santoku Community Edition: runs in the lightweight Lubuntu Linux distro.
It can be run in VirtualBox (recommended) or VMWare Player, both
available free and run on Linux, Mac or Windows. The Lubuntu download is
large because it is a full .iso. We recommend you download on a fast
connection.

Tools to acquire and analyze data

Firmware flashing tools for multiple manufacturers

Imaging tools for NAND, media cards, and RAM

Free versions of some commercial forensics tools

Useful scripts and utilities specifically designed for mobile forensics

Oxygen Forensics Suite (Standard Edition) is a tool that will help you
achieve this. Features include the ability to gather Device Information
(Manufacturer, OS Platform, IMEI, Serial Number, etc.), Contacts,
Messages (Emails, SMS, MMS, etc.) and recovery of deleted messages, Call
Logs, and Calendar and Task information. It also comes with a file
browser which allows you to access and analyse user photos, videos,
documents and device databases.

Friday, March 14, 2014

Tortilla: is an open source tool that
allows users to securely, anonymously, and transparently route all
TCP/IP and DNS traffic through Tor, regardless of the client software,
and without relying on VPNs or additional hardware or virtual machines.

Supported Operating Systems: The tool runs on 32 bit and 64 bit versions of Windows from XP and above

Thursday, March 13, 2014

CrowdResponse:
is a community-based platform that may
eventually support as many as 25 software modules, each serving a
different aspect of the incident response process, Kurtz says. This
week's release includes three modules: @dirlist, @pslist, and @yara.

@dirlist

This is the directory-listing module. This sounds quite simple, but it is actually extremely powerful.
The CrowdResponse DirList module enables the following features:

Verify and display digital signature information

Utilize a path exclusion/inclusion regular expression filter that acts on the full path name

Use a file wildcard mask to limit processing to specific file name components

SHA256 and MD5 file hashing

Perform "quick" hash of only the first 512 bytes of the file

Option to not hash files greater than a given size

Display application resource information

Select recursive listings and control recursion depth

Display creation, modification and access times for files

Optionally process only Windows executable (PE) files

@pslist

This is the active running process listing module.
The CrowdResponse PSList module enables the following features:

Verify the digital signature of the process executable

Obtain process command line

Obtain detailed PE file information for each process executable

Perform SHA256 and MD5 hashes of process executables

Enumerate loaded modules for each process

Control PE output detail level of function names for imports and exports

Control PE output detail level of resource information

Control format (nested or flat) for PE file resource information

Check for process thread injection

@yara

The YARA processing module is the one I am most excited about. YARA will be
familiar to many as an incredibly useful tool aimed at helping malware
researchers identify and classify malware. It can act on files on disk
or in-memory process images and runs a set of pattern matching rules
against the target of investigation.
While we have incorporated a fully functional version of YARA into CrowdResponse,
we have made it very simple to use for analyzing all active process
binaries and memory. Along with the regular ability to target a specific
single-process ID or one or more files, we can automatically enumerate
all running processes and launch YARA rules against them all by simply
specifying a single tool option. This enables quick and easy evaluation
of a system without resorting to cumbersome scripting. This
functionality greatly speeds the scan time and aids a responder in
quickly pinpointing adversary activity on a suspect system.
The CrowdResponse YARA module enables the following features:

Scan memory of all currently active running processes

Scan on-disk files of all currently active running processes

Download YARA rule files from a provided URL

Control target path recursion depth

Utilize a target path exclusion/inclusion regular expression filter that acts on the full path name

Use a file target wildcard mask to limit processing to specific file name components

Option to only show positive hits

Option to specify YARA rule file name mask

Utilize a YARA file inclusion regular expression filter that acts on the full path name

Scan all loaded module files of active processes

Operate on a single process ID

Optional recursion into provided YARA rules directory

Crowd Response is a lightweight Windows console
application designed to aid in the gathering of system information for
incident response and security engagements. The application contains
numerous modules, each of them invoked by providing specific command
line parameters to the main application. Modules are all built into the
main application in C++ language utilizing the Win32 API to achieve
their functionality.
Crowd Response results may be viewed in a variety of ways,
particularly when leveraging CrowdStrike’s CRconvert. By default, output
from Crowd Response is provided in an XML file. CRconvert will flatten
this XML to CSV, TSV or HTML, if desired. The various format options
were created to support the different needs and analysis preferences of
the end user.
Supported Operating Systems: The tool runs on 32 bit and 64 bit versions of Windows from XP and above.

"Footprinting" is the process of understanding as much as possible about a given target in order to perform a more complete security penetration test. Particularly for large networks, this can be a daunting task.

The main objective of SpiderFoot is to automate this process to the greatest extent possible, freeing up a penetration tester's time to focus their efforts on the security testing itself.

SpiderFoot is designed from the ground-up to be modular. This means
you can easily add your own modules that consume data from other modules
to perform whatever task you desire.

As a simple example, you could create a module that
automatically attempts to brute-force usernames and passwords any time a
password-handling webpage is identified by the spidering module.

SpiderFoot 2.1.0 is now available, a major update over 2.0.5 which was released back in September.

Major improvements are as follows:

- Identifies sites co-hosted on IPs of your target.
- Checks whether your target, affiliates or co-hosts have a bad reputation (PhishTank, Google SafeBrowsing, McAfee SiteAdvisor, abuse.ch and many more.)
- Identifies the ISPs and BGP AS of your target.
- Smarter at identifying owned netblocks.
- UI enhancements, including some data visualizations.
- More comprehensive searches across other Internet TLDs.
- Identifies the use of non-standard HTTP headers.
- Bing searches.
- Many tweaks, improvements and bug fixes.

WebUI:
* Implemented Scan Scheduler with support for recurring scans.
* Redesigned Issue table during the Scan progress screen, to group and filter issues by type and severity.

Issues table

The issues table has been massively redesigned
to provide more context at a glance and help you prioritize and focus on
the issues that interest you most.

While the scan is running and new issues appear, High and Medium severity type groups will, by default, be displayed as expanded, to show each logged issue, while Low and Informational severity ones will be displayed as collapsed. This way your attention will be drawn to where it’s most needed.
Of course, you can change the visibility settings to suit your
preferences, using the controls on the left of the table, as well as
reset them to their default configuration.

Scan scheduling

The major change for the web interface is the addition of the much awaited
Scheduler, which combined with the existing incremental/revisioned scans
provides quite a powerful feature. In essence, it allows you to
schedule a scan to run at a later time and optionally configure it to be
a recurring one.

What’s interesting here is the recurring bit: each scan occurrence is
not a separate entity but a revision of the previous scan, so
you’ll be able to track changes in your website’s security with ease. It
also allows you to speed things up by providing you with the ability to
feed the sitemaps of previous revisions to the next one (either to
extend or restrict the scope), thus making the crawl process much faster
(or skipping it altogether).

Open Source Tools for Live Meeting (Web Conferencing)

posts. Guys, most of you find these posts a valuable resource for the e-Learning community. As a result, the following post is Free and Open Source Web Conferencing (Online Meetings, Webinars) Tools for e-Learning.

The following list contains free and open source Web Conferencing tools that aren't in any particular order.

Also, you should be sure that the e-Learning community will highly appreciate:

if you post a comment with your experience with these tools and/or,

if you post a comment with a link to any other free and open source Web Conferencing tool.

We support Free eLearning! Do you?

BigBlueButton* is built for Higher Education. It enables universities and colleges to deliver a high-quality learning experience to remote students. BigBlueButton is an active open source project that focuses on usability, modularity, and clean design, both for the user and the developer. The project is hosted at Google Code. BigBlueButton is built by combining over fourteen open source components.

*note: Epignosis has created a module that provides integration of BigBlueButton conferencing in eFront Open Source Learning Management System. BigBlueButton is a free web-conferencing tool with text chat, audio and video capabilities, a virtual whiteboard and many more presentation and conferencing features.

OpenMeetings is free browser-based software that allows you to instantly set up a conference on the Web. You can use your microphone or webcam, share documents on a white board, share your screen or record meetings. It is available as a hosted service, or you can download and install a package on your server with no limitations in usage or users.

Mikogo is a free desktop sharing tool full of features to assist you in conducting the perfect online meeting or web conference. Take advantage of the opportunity to share any screen content or application over the Internet in true color quality with up to 10 participants simultaneously, while still sitting at your desk.

Yugma free web conferencing allows anyone, anywhere to instantly share their desktop and ideas online with others. To start hosting your own meetings you have to sign up for FREE. Your Yugma Free web conferencing account allows you to invite up to 20 attendees.

Using WebHuddle, you have options and flexibility. Meetings can be conducted either in conjunction with an enterprise’s existing teleconferencing service, or utilizing WebHuddle’s optional voice over IP. WebHuddle also offers recording capabilities -- presentations can easily be recorded for playback over any web browser for those who missed the live meeting.

With Vyew you can give a presentation to a hundred people online or post a document you've been working on for review by your colleagues at their convenience. Vyew is extremely flexible, allowing you to bring online collaboration and conferencing into your workflow on your terms.

Dimdim delivers synchronized live presentations, whiteboards and web pages while sharing your voice and video over the Internet - with no download. With the Free edition you can get 10 person meetings, 1 way video, standard support, Dimdim branded rooms, and public meetings.

*note: Epignosis has created a module that provides integration of Dimdim conferencing in eFront Open Source Learning Management System.

Adobe® ConnectNow is a great way to share ideas, discuss details, and complete work with others, all online. Reduce travel costs, save time, and increase productivity with a web conferencing solution that's easy to access and simple to use. ConnectNow operates inside a web browser. There's no installation required, so getting started is easy and free.